OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2026-01-15 12:15:26 +00:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
Files
4ece669c6205ec78abfdadfe78869bbb8411463e
node/lib
History
Matteo Collina 635463cb92 tls: validate "rejectUnauthorized: undefined" 
Incomplete validation of rejectUnauthorized parameter (Low)

If the Node.js https API was used incorrectly and "undefined" was passed
in for the "rejectUnauthorized" parameter, no error was returned and
connections to servers with an expired certificate would have been
accepted.

CVE-ID: CVE-2021-22939
Refs: https://nvd.nist.gov/vuln/detail/CVE-2021-22939
Refs: https://hackerone.com/reports/1278254
PR-URL: https://github.com/nodejs-private/node-private/pull/276
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Akshay K <iit.akshay@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
2021-08-11 16:22:15 +01:00
..
assert
dns
fs
internal
bootstrap: call _undestroy() inside _destroy for stdout and stderr
2021-08-11 15:27:50 +02:00
path
stream
stream: utility consumers for web and node.js streams
2021-08-06 15:42:58 -07:00
timers
lib: make primordials Promise methods safe
2021-05-19 09:21:37 -07:00
util
_http_agent.js
async_hooks: merge resource_symbol with owner_symbol
2021-07-28 13:41:24 -07:00
_http_client.js
stream: unify stream utils
2021-07-11 10:40:30 +02:00
_http_common.js
http: clean up HttpParser correctly
2021-07-10 22:47:47 +02:00
_http_incoming.js
stream: add readableDidRead if has been read from
2021-08-02 05:59:18 -07:00
_http_outgoing.js
Revert "http: make HEAD method to work with keep-alive"
2021-06-08 17:54:28 +02:00
_http_server.js
stream: add readableDidRead if has been read from
2021-08-02 05:59:18 -07:00
_stream_duplex.js
_stream_passthrough.js
_stream_readable.js
_stream_transform.js
_stream_wrap.js
_stream_writable.js
_tls_common.js
tls: move legacy code into own file
2021-07-11 18:40:18 +02:00
_tls_wrap.js
tls: validate "rejectUnauthorized: undefined"
2021-08-11 16:22:15 +01:00
.eslintrc.yaml
lib: expose DOMException as global
2021-08-06 12:45:14 -07:00
assert.js
deps: update Acorn to v8.4.1
2021-06-29 17:20:45 +02:00
async_hooks.js
buffer.js
lib: make lazyDOMException more common
2021-06-28 13:44:28 +08:00
child_process.js
lib: add JSDoc typings for child_process
2021-06-17 11:40:32 -04:00
cluster.js
console.js
constants.js
crypto.js
crypto: implement webcrypto.randomUUID
2021-08-05 16:52:13 +02:00
dgram.js
dgram: extract cluster lazy loading method to make it testable
2021-05-09 09:16:22 +02:00
diagnostics_channel.js
dns.js
dns: allow --dns-result-order to change default dns verbatim
2021-06-02 19:28:05 +02:00
domain.js
lib: comment explaining special-case handling of promises
2021-07-23 03:54:33 +00:00
events.js
typings: add JSDoc typings for events
2021-05-21 14:18:28 -07:00
fs.js
fs: allow empty string for temp directory prefix
2021-06-26 16:34:13 +02:00
http2.js
http.js
typings: add JSDoc typings for http
2021-04-16 07:47:46 +02:00
https.js
http,https: align server option of https with http
2021-06-26 14:21:57 +00:00
inspector.js
module.js
net.js
async_hooks: merge resource_symbol with owner_symbol
2021-07-28 13:41:24 -07:00
os.js
os: add os.devNull
2021-06-01 21:06:18 +02:00
path.js
path: inline conditions
2021-05-12 07:26:22 -07:00
perf_hooks.js
perf_hooks: fix performance timeline wpt failures
2021-07-30 07:29:44 -07:00
process.js
punycode.js
punycode: add pending deprecation
2021-04-30 10:59:28 -07:00
querystring.js
typings: add JSDoc Types to lib/querystring
2021-04-18 11:00:28 +02:00
readline.js
readline: allow completer to rewrite existing input
2021-07-05 11:27:36 +00:00
repl.js
repl: do not include legacy getter/setter methods in completion
2021-08-01 16:43:46 +02:00
stream.js
stream: add isDisturbed helper
2021-08-06 07:45:38 +02:00
string_decoder.js
sys.js
timers.js
typings: add JSDoc typings for timers
2021-07-11 09:03:11 +02:00
tls.js
tls: move legacy code into own file
2021-07-11 18:40:18 +02:00
trace_events.js
tty.js
tty: enable buffering
2021-07-07 14:50:47 +02:00
url.js
lib: include url in bootstrap snapshot and remove unnecessary lazy-loads
2021-06-02 13:30:05 +08:00
util.js
lib: refactor to reuse validators
2021-05-19 09:22:56 -07:00
v8.js
src: add JSDoc typings for v8
2021-07-07 18:16:10 -04:00
vm.js
vm: use missing validator
2021-06-07 07:31:34 -07:00
wasi.js
wasi: use missing validator
2021-06-26 16:31:30 +02:00
worker_threads.js
worker: add setEnvironmentData/getEnvironmentData
2021-03-15 07:40:26 -07:00
zlib.js
zlib: avoid converting Uint8Array instances to Buffer
2021-07-26 09:01:53 -07:00